Sophos Anti-Virus detection: a technical overview

This paper describes the main components of Sophos Anti-Virus and how they relate to each other. It discusses virus scanning, detection methods and the creation of virus descriptions. An overview of what happens when a virus is found is followed by an assessment of the benefits of Sophos’s approach.

Note: the precise details of how Sophos Anti-Virus works vary from platform to platform. For the purposes of this paper, unless otherwise stated, the technology described concerns Windows 32 platforms.